fix(storage): webauthn kid too short for some devices (#2957)

This fixes an issue that may cause the kid length of a webauthn device to exceed that length allowed by the database column.
2022-03-04 21:21:08 +11:00 · 2022-03-04 21:21:08 +11:00 · 204cef4d03
parent 82d28155d0
commit 204cef4d03
9 changed files with 84 additions and 4 deletions
--- a/docs/configuration/storage/migrations.md
+++ b/docs/configuration/storage/migrations.md
@ -23,3 +23,4 @@ this instance if you wanted to downgrade to pre1 you would need to use an Authel
 |      pre1      |      4.0.0       |                   Downgrading to this version requires you use the --pre1 flag                    |
 |       1        |      4.33.0      |                                 Initial migration managed version                                 |
 |       2        |      4.34.0      | Webauthn - added webauthn_devices table, altered totp_config to include device created/used dates |
 |       3        |      4.34.2      |     Webauthn - fix V2 migration kid column length and provide migration path for anyone on V2     |
--- a/internal/storage/const.go
+++ b/internal/storage/const.go
@ -56,7 +56,7 @@ const (
 const (
 	// This is the latest schema version for the purpose of tests.
-	testLatestVersion = 2
+	testLatestVersion = 3
 )
 const (
--- a/internal/storage/migrations/V0002.Webauthn.mysql.up.sql
+++ b/internal/storage/migrations/V0002.Webauthn.mysql.up.sql
@ -26,7 +26,7 @@ CREATE TABLE IF NOT EXISTS webauthn_devices (
    rpid TEXT,
    username VARCHAR(100) NOT NULL,
    description VARCHAR(30) NOT NULL DEFAULT 'Primary',
-    kid VARCHAR(100) NOT NULL,
+    kid VARCHAR(512) NOT NULL,
    public_key BLOB NOT NULL,
    attestation_type VARCHAR(32),
    transport VARCHAR(20) DEFAULT '',
--- a/internal/storage/migrations/V0002.Webauthn.postgres.up.sql
+++ b/internal/storage/migrations/V0002.Webauthn.postgres.up.sql
@ -26,7 +26,7 @@ CREATE TABLE IF NOT EXISTS webauthn_devices (
    rpid TEXT,
    username VARCHAR(100) NOT NULL,
    description VARCHAR(30) NOT NULL DEFAULT 'Primary',
-    kid VARCHAR(100) NOT NULL,
+    kid VARCHAR(512) NOT NULL,
    public_key BYTEA NOT NULL,
    attestation_type VARCHAR(32),
    transport VARCHAR(20) DEFAULT '',
--- a/internal/storage/migrations/V0002.Webauthn.sqlite.up.sql
+++ b/internal/storage/migrations/V0002.Webauthn.sqlite.up.sql
@ -26,7 +26,7 @@ CREATE TABLE IF NOT EXISTS webauthn_devices (
    rpid TEXT,
    username VARCHAR(100) NOT NULL,
    description VARCHAR(30) NOT NULL DEFAULT 'Primary',
-    kid VARCHAR(100) NOT NULL,
+    kid VARCHAR(512) NOT NULL,
    public_key BLOB NOT NULL,
    attestation_type VARCHAR(32),
    transport VARCHAR(20) DEFAULT '',
--- a/internal/storage/migrations/V0003.WebauthnKIDLength.all.down.sql
+++ b/internal/storage/migrations/V0003.WebauthnKIDLength.all.down.sql
@ -0,0 +1 @@
 DROP TABLE IF EXISTS _bkp_UP_V0003_webauthn_devices;
--- a/internal/storage/migrations/V0003.WebauthnKIDLength.mysql.up.sql
+++ b/internal/storage/migrations/V0003.WebauthnKIDLength.mysql.up.sql
@ -0,0 +1,26 @@
 ALTER TABLE webauthn_devices RENAME _bkp_UP_V0003_webauthn_devices;
 CREATE TABLE IF NOT EXISTS webauthn_devices (
    id INTEGER AUTO_INCREMENT,
    created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
    last_used_at TIMESTAMP NULL DEFAULT NULL,
    rpid TEXT,
    username VARCHAR(100) NOT NULL,
    description VARCHAR(30) NOT NULL DEFAULT 'Primary',
    kid VARCHAR(512) NOT NULL,
    public_key BLOB NOT NULL,
    attestation_type VARCHAR(32),
    transport VARCHAR(20) DEFAULT '',
    aaguid CHAR(36) NOT NULL,
    sign_count INTEGER DEFAULT 0,
    clone_warning BOOLEAN NOT NULL DEFAULT FALSE,
    PRIMARY KEY (id),
    UNIQUE KEY (username, description),
    UNIQUE KEY (kid)
 );
 INSERT INTO webauthn_devices (id, created_at, last_used_at, rpid, username, description, kid, public_key, attestation_type, transport, aaguid, sign_count, clone_warning)
 SELECT id, created_at, last_used_at, rpid, username, description, kid, public_key, attestation_type, transport, aaguid, sign_count, clone_warning
 FROM _bkp_UP_V0003_webauthn_devices;
 DROP TABLE IF EXISTS _bkp_UP_V0003_webauthn_devices;
--- a/internal/storage/migrations/V0003.WebauthnKIDLength.postgres.up.sql
+++ b/internal/storage/migrations/V0003.WebauthnKIDLength.postgres.up.sql
@ -0,0 +1,26 @@
 ALTER TABLE webauthn_devices RENAME TO _bkp_UP_V0003_webauthn_devices;
 CREATE TABLE IF NOT EXISTS webauthn_devices (
    id SERIAL,
    created_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT CURRENT_TIMESTAMP,
    last_used_at TIMESTAMP WITH TIME ZONE NULL DEFAULT NULL,
    rpid TEXT,
    username VARCHAR(100) NOT NULL,
    description VARCHAR(30) NOT NULL DEFAULT 'Primary',
    kid VARCHAR(512) NOT NULL,
    public_key BYTEA NOT NULL,
    attestation_type VARCHAR(32),
    transport VARCHAR(20) DEFAULT '',
    aaguid CHAR(36) NOT NULL,
    sign_count INTEGER DEFAULT 0,
    clone_warning BOOLEAN NOT NULL DEFAULT FALSE,
    PRIMARY KEY (id),
    UNIQUE (username, description),
    UNIQUE (kid)
 );
 INSERT INTO webauthn_devices (id, created_at, last_used_at, rpid, username, description, kid, public_key, attestation_type, transport, aaguid, sign_count, clone_warning)
 SELECT id, created_at, last_used_at, rpid, username, description, kid, public_key, attestation_type, transport, aaguid, sign_count, clone_warning
 FROM _bkp_UP_V0003_webauthn_devices;
 DROP TABLE IF EXISTS _bkp_UP_V0003_webauthn_devices;
--- a/internal/storage/migrations/V0003.WebauthnKIDLength.sqlite.up.sql
+++ b/internal/storage/migrations/V0003.WebauthnKIDLength.sqlite.up.sql
@ -0,0 +1,26 @@
 ALTER TABLE webauthn_devices RENAME TO _bkp_UP_V0003_webauthn_devices;
 CREATE TABLE IF NOT EXISTS webauthn_devices (
    id INTEGER,
    created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
    last_used_at TIMESTAMP NULL DEFAULT NULL,
    rpid TEXT,
    username VARCHAR(100) NOT NULL,
    description VARCHAR(30) NOT NULL DEFAULT 'Primary',
    kid VARCHAR(512) NOT NULL,
    public_key BLOB NOT NULL,
    attestation_type VARCHAR(32),
    transport VARCHAR(20) DEFAULT '',
    aaguid CHAR(36) NOT NULL,
    sign_count INTEGER DEFAULT 0,
    clone_warning BOOLEAN NOT NULL DEFAULT FALSE,
    PRIMARY KEY (id),
    UNIQUE (username, description),
    UNIQUE (kid)
 );
 INSERT INTO webauthn_devices (id, created_at, last_used_at, rpid, username, description, kid, public_key, attestation_type, transport, aaguid, sign_count, clone_warning)
 SELECT id, created_at, last_used_at, rpid, username, description, kid, public_key, attestation_type, transport, aaguid, sign_count, clone_warning
 FROM _bkp_UP_V0003_webauthn_devices;
 DROP TABLE IF EXISTS _bkp_UP_V0003_webauthn_devices;
		`@ -0,0 +1 @@`
							`DROP TABLE IF EXISTS _bkp_UP_V0003_webauthn_devices;`